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EXAMINER'S ANSWER 



This is in response to the appeal brief filed 5/23/2007 appealing fi-om the Office action mailed 
10/24/2005. 
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(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's 
decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 



6,367,009 



DAVIS 



4-2002 



5,948,064 



BERTRAM 



9-1999 



6,240,091 



GINZBOORG 



5-2001 



Application/Control Number: 09/426,442 
Art Unit: 2134 



Page 3 



5,774,552 GRIMMER 6-1998 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 

DETAILED ACTION 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 2, 7-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Davis US 6,367009 in view of Bertram US 5,948,064. 

As per claims 1,8, 12, and 13 Davis discloses an MTS or middle tier server, verifying a 
users ID through a digital certificate submitted by the client, (authentication component), 
(Col 1 1 lines 39-43). Davis also discloses the ETS or end tier server verifying the users 
ID through use of a digital certificate, (Col 13 lines 27-31). Davis teaches that the ETS 
uses access control comprising a list of authorized users, (directory), (Col 13 lines 35-39). 
Davis discloses that if the user is not on the access control list, the system will restrict 
access, (access control system), (Col 13 lines 40-42). 
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Davis does not disclose permitting the user access to a portion of a computer site and 
restricting the user from at least one other portion of the computer site. Davis does not 
disclose user accounts indicating which portion of the computer site to which the 
corresponding user is permitted access. 

Bertram teaches a system in which a users are permitted access to at least one portion of a 
computer site. Bertram teaches a database (directory) of user accounts wherein the user 
is assigned a group and is allowed access to data said group is permitted to access. (Col 5 
lines 44-48, Col 6 lines 1-6, Col 8 lines 30-35, 48-53). It would be obvious to one skilled 
in the art to modify the system of Davis with the user account access control of Bertram 
because ACL's do not provide the level of security and flexibility that user accounts do. 

As per claims 2, 9, and 14, Davis teaches that the access policy declares that unauthorized 
users have access to no portion of the computer site, (Col 13 line 42). 
As per claim 7, Davis discloses the computer site is in an extranet, (Col 9 lines 17-19). 
As per claim 10, a user would submit a URL request as part of the internet request, (Col 9 
lines 14- 17). 

As per claim 1 1, Davis discloses sending a digital signature inside a certificate. A digital 
signature can be decrypted with a public key, (Col 12, line 54). 

Claims 4-6, 16, and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Davis US 6,367,009 in view of Bertram US 5,948,064 in view of Ginzboorg US 
6,240,091. 
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As per claims 4, and 16, the previous Davis-Bertram combonation does not teach a log 
system to record user actions in a computer site. 

Ginzboorg discloses by means of charging records, a log system to record user interaction 
with a computer site, (Col 8 lines 22-26, Col 1 1 lines 17-21). 

It would have been obvious to one skilled in the art to modify the access policy of Davis 
with the recording system of Ginzboorg to provide the necessary data for billing purposes 
(Ginzboorg Col 3 lines 2-4). 

As per claims 5, 6, and 17, Davis does not disclose provide a transaction authentication 
system to produce verified records of transactions performed using the computer site. 
Davis does not disclose that the transaction authentication system includes a digital 
signing module for validating transactions. 

Ginzboorg discloses a system that produces records of transactions using a computer site 
and verifies these records using digital signatures, (Col 8 lines 30-34, 40-41). 
It would have been obvious to one skilled in the art to modify the access policy of Davis 
with the recording system of Ginzboorg to provide the necessary data for billing purposes 
(Ginzboorg Col 3 lines 2-4). 

Claims 3, and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Davis US 6,367,009 in view of Bertram US 5,948,064 in view of Grimmer US 
5,774,552. 

As per claim 3, the previous Davis-Bertram combination does not disclose a certificate 
authority to issue a digital certificate to the user. 
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Grimmer discloses that a Certificate Authority issues a digital certificate to the user, (Col 
5 lines 55-65). 

It would be obvious to one skilled in the art to modify the access policy of Davis with the 
certificate authority of Grimmer, because the Certificate Authority provides a secure 
trusted source, (Grimmer Col 5 lines 24-27). 

(10) Response to Argument 

As per claims 1,2, and 7-14 the appellant argues that there is no motivation to combine 
Davis 6,367,009 with Bertram US 5,948,064. Appellant argues that the office action 
does not provide objective evidence to support the motivational statement made by the 
examiner. The examiner responds by asserting that it would have been obvious to one of 
ordinary skill in the art. Both the Davis, and Bertram references regard the same 
technology and are of an analogous art. In this instance both Davis and Bertram regard 
network security and authentication. In light of the recent KSR v. Teleflex decision, this 
should provide sufficient motivation to combine the two references. 
Appellant also argues that nowhere in Davis does it suggest its access control list (ACL) 
is a strict yes or no type. In Davis column 13 lines 35-42 the reference reads "will 
compare this name to its list of authorized users. If the name is authorized, then the 
application will process the request that is being made on behalf of the fust-tier client; 
otherwise, the request will be rejected." The examiner asserts that access control lists 
generally are "yes or no" systems, and that user accounts which perform the same 
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authentication function, may also be highly tailored, and include additional information 
about a user. 

Appellant argues the references are from the same assignee and that Bertram predates 
Davis, therefore it would not have been obvious to combine the references or it would 
already have been done. The examiner counters that inventions are by different 
inventors. The examiner argues that just because a feature hasn't been included in an 
invention doesn't mean it can't or that it is not obvious to do so. One method may 
provide benefits the other feature doesn't. In the instant case the user account provides 
more flexibility for the administrator than does the access control list. Both the access 
control method and the user account method both perform authentication and are of an 
analogous art. 

Applicant argues claims 3-6, and 15-17 are patentable due to the previous argument for 
claims 1, 2, and 7-14. The examiner argues because the rejection of claims 1, 2, and 7-14 
should be maintained, the rejection of claims 3-6, and 15-17 should also be maintained. 
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(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 



For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 




Christopher Brown 



Conferees 
Kambiz Zi 




KAMBIZ ZAND 
SUPERVISORY PATENT EXAMINER 



